MUSCULAR Reports May Cause Push to Alter New Surveillance Bills
New reports the National Security Agency is secretly tapping the links connecting Google and Yahoo’s data centers around the world may cause alterations to the recently released USA Freedom Act, privacy advocates said in interviews Wednesday. But the reports aren’t likely to affect Google and Yahoo’s joint Foreign Intelligence Surveillance Court petition to disclose more information about government surveillance requests, agreed advocates and an organization that filed an amicus brief in the lawsuit. The Washington Post reported (http://wapo.st/1dNYzxr) the existence of the program, called MUSCULAR, Wednesday afternoon, and the NSA denied it minutes later.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
Intercepting communications overseas is outside FISC’s jurisdiction and under the authority of executive order 12333 (http://1.usa.gov/csl7fV), said Trevor Timm, an activist with the Electronic Frontier Foundation. “The NSA thinks it has the authority to break into Google’s foreign server links through executive order 12333.” That order isn’t addressed in the surveillance-curbing bills released concurrently in the House and Senate Tuesday, Timm said. The bills are designed to end the NSA’s bulk collection of phone metadata and let companies disclose information about the surveillance requests they receive (CD Oct 30 p4).
The bills could be changed to address MUSCULAR-type data collection, said privacy advocates. “This certainly will help to build momentum for legislative reform,” said TechFreedom President Berin Szoka. “It’s fuel to the fires of outrage,” said John Simpson, director of Consumer Watchdog’s Privacy Project. “In the coming days, you will see a push to” include surveillance authorized under executive order 12333 in the bill, said Timm. The Post noted that Senate Intelligence Committee Chairwoman Dianne Feinstein has said Congress has limited oversight of 12333 intelligence gathering.
NSA Director Keith Alexander hadn’t yet read the just-posted story from the Post, but to his knowledge what the report said occurred “never happened,” he told a Bloomberg Government event. The agency isn’t authorized to infiltrate databases but must instead go “through a court order,” he said. “I can tell you factually we do not have access” to Google or Yahoo servers, said Alexander. Companies “are compelled to work with us” and would be in contempt if they refused to surrender the requested information, he said.
Yahoo and Google stressed their extensive security measures. “We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency,” said a Yahoo spokeswoman by email. Google has “long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links, especially the links in the slide,” said Chief Legal Officer David Drummond in a statement. “We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform.”
Two senators reintroduced a surveillance overhaul with stronger provisions Wednesday. Judiciary Subcommittee on Privacy, Technology and the Law Chairman Al Franken, D-Minn., and Dean Heller, R-Nev., dropped the Surveillance Transparency Act of 2013 (http://1.usa.gov/1aEn0bH). “My bill would require the NSA to disclose to the public how many Americans are having their data collected, and how many are having their information looked at,” Franken said in a statement. “This legislation goes a long way toward increasing transparency over these programs, and I look forward to holding a hearing on it in my subcommittee."
The bill would call for the government to report annually on the number of FISA orders issued under the authorities of the Patriot Act and FISA, the general categories of information collected, the number of Americans and permanent U.S. residents whose information fell into those categories and was actually reviewed by federal agents and how many searches were run on that data. Companies would also be able to disclose the number of orders received and complied with, the categories of information they produced and the number of users whose information was produced in these categories, said Franken’s news release.
The MUSCULAR reports shouldn’t have a direct impact on Google and Yahoo’s FISC petition, said Szoka. TechFreedom filed an amicus brief in support of Google, Yahoo and the three other technology companies that had joined the petition. EFF has also asked to participate in oral argument. “They are only petitioning to disclose the number of legal requests from the government,” Timm said of the high-tech companies’ request. MUSCULAR falls outside that request, privacy advocates said.
It’s “too soon” to say if Google and Yahoo could use the 4th Amendment to sue the NSA over MUSCULAR, Timm said. Supreme Court cases have concluded 4th Amendment rights extend to U.S. citizens and corporations even when they are outside of the U.S. Whether those rights apply here is a “tougher question,” Timm said. ,,